TheGoodUser

Reputation: 1198

Select MF (Master-File) - Read EEPROM of a javacard

I have two different Java Cards with the ATRs below:

  1. 3B 68 00 00 00 73 C8 40 12 00 90 00
  2. 3b 7F 94 00 00 80 31 80 65 B0 85 02 02 ED 12 0F FF 82 90 00

Let's assume that I want to select the MF. As far as I know, and as mentioned in ISO 7815-4, we can select the Master File with 00 A4 00 00 or 00 A4 00 00 02 3F 00.



But when I send the SELECT MF command to the first card, I receive 6A86 [Incorrect parameters P1-P2].

Q1 : Does this mean MY card is not compliant with ISO-7816?! If no, what is the reason for this error?

And for the second card, when I send the SELECT MASTER FILE command and then the GET RESPONSE command (00 CO OO OO 12), I receive the output below.

Q2 : What kind of information can I gain from this output?

Q3 : If I don't know my card's file IDs, can I find them with a brute-force over P1-P2=0000 to P1-P2=FFFF? I mean, may this brute-force make my card lock?

Q4 : If I know only the authentication keys of my card and nothing else, is there any way to read the whole EEPROM? If yes, how?

Thank you

Upvotes: 4

Views: 7466

Answers (2)

Maarten Bodewes

Reputation: 94038

A1: Your card is partially ISO 7816 compliant (like most cards out there). It will - in all likelihood - not support SELECT MF out of the box. If required, you can make your Applet "default selected" (during INSTALL for INSTALL) - meaning that the Applet becomes selected directly after the ATR - and implement the behavior yourself.

A2: SELECT will return FCI/FCP (file control information, file control parameters) information if P2 is set to 00. What is returned again depends on the card. Sometimes it is easier to only support P2 = 0C indicating that no information is returned. This is however only available as ISO CASE 3 command, meaning that only command data is supplied (no Le byte(s)). So the 4 byte SELECT MF won't work.

A3: Yes, you can. Reading out information or selecting files does not burn through EEPROM or flash if the card is programmed correctly. Bar an EF.ATR now and then, not many files should be present on a pristine Java Card without installed Applets or native applications though. Only do this for testing purposes though; selecting all possible files during a normal read is not efficient (and some EEPROM / flash read/writes may be required for security purposes, although the OS developer should be aware of this).

A4: No, you require full card access to do that. This functionality is usually reserved for manufacturers and creators of Java Card operating systems.

Note that INITIALIZE UPDATE / EXTERNAL AUTHENTICATE is specific to the Global Platform Card Manager or Security Domains. It makes no sense to perform a SELECT MF from the Card Manager.

Upvotes: 2

Anurag Sharma

Reputation: 502

Q1 : Does this mean MY card is not compliant with ISO-7816?! If no, what is the reason for this error?

  • A1 : Your card is ISO 7816 compliant and selection methods are vendor specific; see Table 39 in ISO 7816-4.
    It depends on the vendor; you can directly ask your vendor about the supported selection methods, or you can check the ATR to know which methods are supported, per Table 86 in ISO 7816-4.

Q2 : What kind of information can I gain from this output?

  • A2 : This is the File Control Parameter (FCP), which is defined in Table 12 of ISO 7816-4.
    It is 85 in your case.

Q3 : If I don't know my card's file IDs, can I find them with a brute-force over P1-P2=0000 to P1-P2=FFFF? I mean, may this brute-force make my card lock?

  • A3 : I will not suggest this. You can simply ask your vendor about the file structure present in your card; using brute-force will also decrease the endurance of your card.

Q4 : If I know only the authentication keys of my card and nothing else, is there any way to read the whole EEPROM? If yes, how?

  • A4 : There is no standard command to read the whole EEPROM at once.

Upvotes: 4
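
Added example (not part of the question or of either answer): the ATR check mentioned in the answer above, applied to the two ATRs from the question. It walks the interface bytes to reach the historical bytes, parses them as compact-TLV, and decodes the first card-capabilities byte (tag '7x') using the selection-method bit assignments of ISO/IEC 7816-4; the function names are this example's own.

```python
SELECTION_BITS = [  # first card-capabilities byte, b8 down to b4 (ISO/IEC 7816-4)
    (0x80, "DF selection by full DF name"),
    (0x40, "DF selection by partial DF name"),
    (0x20, "DF selection by path"),
    (0x10, "DF selection by file identifier"),
    (0x08, "implicit DF selection"),
]

def historical_bytes(atr_hex):
    """Skip TS, T0 and the interface bytes; return the K historical bytes."""
    atr = bytes.fromhex(atr_hex)
    k = atr[1] & 0x0F          # low nibble of T0 = number of historical bytes
    y = atr[1] >> 4            # high nibble = which of TA1..TD1 are present
    pos = 2
    while y:
        pos += bin(y & 0x07).count("1")   # skip TAi, TBi, TCi if present
        if y & 0x08:                      # TDi present: it announces the next group
            y = atr[pos] >> 4
            pos += 1
        else:
            y = 0
    if pos + k > len(atr):
        raise ValueError("ATR is shorter than T0 announces")
    return atr[pos:pos + k]

def compact_tlv(hist):
    """Return {tag_nibble: value} for category 0x00 / 0x80 historical bytes."""
    if not hist or hist[0] not in (0x00, 0x80):
        return {}              # proprietary or DIR-reference format: not parsed here
    body = hist[1:-3] if hist[0] == 0x00 else hist[1:]  # 0x00: last 3 bytes = status
    objs, i = {}, 0
    while i < len(body):
        tag, length = body[i] >> 4, body[i] & 0x0F
        objs[tag] = body[i + 1:i + 1 + length]
        i += 1 + length
    return objs

def selection_methods(atr_hex):
    """List the selection methods the card announces, or None if it announces none."""
    caps = compact_tlv(historical_bytes(atr_hex)).get(0x7)  # '7x' = card capabilities
    if not caps:
        return None
    return [name for bit, name in SELECTION_BITS if caps[0] & bit]

CARD1 = "3B 68 00 00 00 73 C8 40 12 00 90 00"   # first ATR from the question
CARD2 = "3B 7F 94 00 00 80 31 80 65 B0 85 02 02 ED 12 0F FF 82 90 00"  # second ATR
if __name__ == "__main__":
    for atr in (CARD1, CARD2):
        print(atr, "->", selection_methods(atr))
```

For the first ATR the capabilities byte is C8, which announces selection by full and partial DF name and implicit DF selection but not selection by file identifier; the second ATR carries no card-capabilities object, so nothing can be read from it this way.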
